The Ins and Outs of Business Email Compromise

Business Email Compromise

Attackers conduct extensive social engineering research so that they can convincingly impersonate a figure of authority, typically the CEO or CFO of the target organization, and pressure the victim into taking immediate action. Business Email Compromise (BEC) scams deceive victims into believing they are communicating with that authority figure, often without any malicious link or attachment that a filter could catch. Organizations hit by BEC have fallen to the same pattern of attack, and the constants in that pattern can be observed and investigated for better prevention. Once a business identifies that a malicious actor has diverted money into an account they control, it is imperative to contact the authorities and put the incident response plan into motion immediately.

Check Point Harmony Email & Office is one vendor product that offers protection against BEC attacks together with data loss prevention.

The Basics of Business Email Compromise

At an opportune time, usually when the executive being impersonated is out of the office, the attacker sends a bogus email to an employee in the finance department requesting an immediate wire transfer, usually to what appears to be a trusted vendor. The targeted employee believes the money is going to the expected account, but the account numbers have been altered slightly, and the transfer is actually deposited into an account controlled by the criminal group. In attorney impersonation scams, criminals pose as a lawyer working with the organization; the supposed lawyer may ask for money or data, and lower-level employees are often the targets. Convinced by the apparent authority of the sender, recipients sometimes fulfil the request before double-checking the message’s authenticity.

Traditional threat detection solutions that analyze email headers, links, and metadata often miss these attacks, because a BEC message may carry no link or attachment at all and may come from a legitimate-looking address or from a genuinely compromised account. As organizations and security vendors work to protect against common types of phishing scams, cybercriminals stay one step ahead by adapting their tactics to get around established security controls.

Implement a complete, holistic strategy for reducing BEC risk

The risk is compounded by the fact that ransomware attacks have also increased considerably in the past few years. Follow these tips and best practices to minimize the frequency and impact of BEC attacks. Ensure all applications, operating systems, network tools, and internal software are up-to-date and secure. Question requests to keep information confidential, and be skeptical of warnings to limit or bypass normal communication channels. DO verify the authenticity of websites before providing any personal or sensitive information. DON’T click on attachments or links you aren’t expecting, even if they have innocuous-sounding names; they often contain malware that gives the attacker the ability to monitor your email and computer activity.

Formerly dubbed Man-in-the-Email scams, BEC attacks rely heavily on social engineering to trick unsuspecting employees and executives. Often the attacker impersonates the CEO or another executive authorized to approve wire transfers.

In CEO fraud, a cybercriminal takes over the email account of the CEO or another C-suite executive and uses it to trick other users into giving up sensitive information or money; the victim receives an email whose subject line requests a money transfer. In data theft attacks, the attacker sends an employee a phishing email posing as a trusted individual to obtain sensitive company information, money, or intellectual property; these typically target HR personnel to obtain personal information about the company’s CEO or other high-ranking executives, which can then be used to make a later impersonation more convincing.

Rapid response is critical for most cybersecurity incidents, and the same holds true for BEC. If an organization is slow to identify a BEC attack that has already succeeded, it is unlikely that the money will be recovered. On the detection side, products such as Barracuda Impersonation Protection use an artificial intelligence engine that learns an organization’s unique communication patterns to identify and block spear-phishing attempts in real time.
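As an added example (not code from this page or from any vendor named on it), the following Python checks a message for the header-level and content-level signals the preceding paragraphs describe: an executive’s display name on a non-corporate address, a look-alike sender domain, a Reply-To pointing outside the sending domain, and payment or urgency language. It also shows why an authentication pass on its own proves little when the real mailbox has been taken over. The corporate domain, the executive roster, the homoglyph list and the three sample messages are all constructed assumptions for the demo.

```python
"""Header- and content-level BEC indicators over constructed sample messages (added example)."""
import difflib
import email
import re
from email import policy
from email.utils import parseaddr

CORPORATE_DOMAIN = "example-corp.com"  # assumed: the organization's own domain
# Assumed executive roster: lower-case display name -> the only legitimate mailbox for it.
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}
# Assumed list of single-character substitutions seen in look-alike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"})
URGENCY = re.compile(r"\b(wire|urgent|urgently|immediately|confidential|gift cards?|asap)\b", re.I)


def normalize_domain(domain):
    """Collapse the usual look-alike tricks so 'exarnple-c0rp.com' reads as 'example-corp.com'."""
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def is_lookalike(domain, real=CORPORATE_DOMAIN):
    """True when domain is not the real one but matches it after normalization or is nearly identical."""
    domain = domain.lower()
    if domain == real:
        return False
    if normalize_domain(domain) == normalize_domain(real):
        return True
    return difflib.SequenceMatcher(None, domain, real).ratio() >= 0.85


def _domain(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def bec_indicators(raw_message):
    """Return the set of BEC indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = set()
    name, addr = parseaddr(str(msg.get("From", "")))
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    from_domain = _domain(addr)
    reply_domain = _domain(reply) if reply else from_domain
    auth = str(msg.get("Authentication-Results", "")).lower()

    legit = EXECUTIVES.get(name.strip().lower())
    if legit and addr.lower() != legit:
        flags.add("exec-display-name-impersonation")
    if is_lookalike(from_domain):
        flags.add("lookalike-domain")
    if reply_domain != from_domain:
        flags.add("reply-to-mismatch")
    if "dmarc=fail" in auth:
        flags.add("dmarc-fail")

    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    if URGENCY.search(text):
        flags.add("urgency-or-payment-language")

    # A genuine mailbox that authenticates cleanly can still be in attacker hands: a
    # DMARC pass from the real domain plus an external Reply-To and payment pressure
    # is the compromised-account pattern that header-only filtering misses.
    if (from_domain == CORPORATE_DOMAIN and "dmarc=pass" in auth
            and {"reply-to-mismatch", "urgency-or-payment-language"} <= flags):
        flags.add("possible-account-compromise")
    return flags


# Constructed sample messages (not real traffic).
LOOKALIKE = (
    "From: Jane Doe <jane.doe@exarnple-corp.com>\n"
    "To: accounts.payable@example-corp.com\n"
    "Subject: Wire needed today\n"
    "Authentication-Results: mx.example-corp.com; dmarc=pass header.from=exarnple-corp.com\n"
    "\n"
    "I am in a meeting and cannot talk. Please wire 48,500 to the new vendor account immediately.\n"
)
COMPROMISED = (
    "From: Jane Doe <jane.doe@example-corp.com>\n"
    "Reply-To: Jane Doe <jane.doe.ceo@webmail-example.net>\n"
    "To: accounts.payable@example-corp.com\n"
    "Subject: Confidential payment\n"
    "Authentication-Results: mx.example-corp.com; spf=pass dmarc=pass header.from=example-corp.com\n"
    "\n"
    "Keep this between us and reply only on this thread. Wire the attached invoice today.\n"
)
BENIGN = (
    "From: Sam Lee <sam.lee@example-corp.com>\n"
    "To: team@example-corp.com\n"
    "Subject: Cafeteria menu\n"
    "Authentication-Results: mx.example-corp.com; dmarc=pass header.from=example-corp.com\n"
    "\n"
    "Next week's menu is attached.\n"
)

if __name__ == "__main__":
    for label, sample in (("lookalike", LOOKALIKE), ("compromised", COMPROMISED), ("benign", BENIGN)):
        print(label, sorted(bec_indicators(sample)))
```

The look-alike message passes DMARC for the attacker’s own registered domain, and the compromised-account message passes DMARC for the genuine one; neither authentication result says anything about intent, which is why the display-name, Reply-To and content checks carry the decision.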

The fraudulent request includes routing data for a bank account that is actually controlled by the fraudsters, often at a foreign bank. In a variation on this scam, the email supposedly comes from a vendor looking to change its payment account. In either case the criminals have taken the time to study, analyze, and understand the business they are attempting to attack.
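The control that counters a diverted-payment request, as an added example that is not from the page or any vendor it names: an incoming payment request is compared with the vendor master record, and any change of beneficiary details, a sender domain that does not belong to the vendor, or pressure for immediacy puts the payment on hold until the vendor confirms it by callback. The vendor record, the requests, the field names and the near-match threshold are constructed assumptions.

```python
"""Change-of-bank-details review for payment requests (added example, constructed data)."""
import difflib
from dataclasses import dataclass, field


@dataclass
class VendorRecord:
    """What the organization already knows about a vendor (assumed master-data fields)."""
    name: str
    email_domain: str
    account_number: str
    routing_number: str


@dataclass
class PaymentRequest:
    """What the incoming email claims (constructed fields for the demo)."""
    vendor_name: str
    sender_address: str
    account_number: str
    routing_number: str
    amount: float
    pressures_for_speed: bool = False


@dataclass
class Decision:
    action: str  # "pay", "hold_for_callback" or "escalate"
    reasons: list = field(default_factory=list)


def digits_only(value):
    return "".join(ch for ch in value if ch.isdigit())


def review_payment(req, vendors, near_match=0.75):
    """Compare a payment request with the vendor master and decide whether it may proceed."""
    vendor = next((v for v in vendors if v.name.lower() == req.vendor_name.lower()), None)
    if vendor is None:
        return Decision("escalate", ["vendor is not in the vendor master"])

    reasons = []
    sender_domain = req.sender_address.rsplit("@", 1)[-1].lower()
    if sender_domain != vendor.email_domain.lower():
        reasons.append(f"sender domain {sender_domain} is not the vendor's {vendor.email_domain}")

    new_acct, known_acct = digits_only(req.account_number), digits_only(vendor.account_number)
    if new_acct != known_acct or digits_only(req.routing_number) != digits_only(vendor.routing_number):
        reasons.append("beneficiary bank details differ from the vendor master")
        # A number that differs from the known one by a digit or two is the
        # 'altered slightly' pattern and gets its own callout for the reviewer.
        similarity = difflib.SequenceMatcher(None, new_acct, known_acct).ratio()
        if similarity >= near_match:
            reasons.append(f"new account number is a near-match of the known one ({similarity:.2f})")

    if req.pressures_for_speed:
        reasons.append("request pressures for immediate payment")

    if not reasons:
        return Decision("pay")
    # Any change is confirmed out-of-band with the vendor using the contact details
    # already on file, never a phone number or address supplied in the email itself.
    return Decision("hold_for_callback", reasons)


# Constructed sample data (not real vendors or accounts).
VENDORS = [VendorRecord("Acme Supplies", "acme-supplies.com", "123456789", "021000021")]
ROUTINE = PaymentRequest("Acme Supplies", "billing@acme-supplies.com", "123456789", "021000021", 4200.00)
ALTERED = PaymentRequest("Acme Supplies", "billing@acme-supplies.com", "123456739", "021000021",
                         48500.00, pressures_for_speed=True)
SPOOFED = PaymentRequest("Acme Supplies", "billing@acme-supplies.co", "123456789", "021000021", 4200.00)

if __name__ == "__main__":
    for label, req in (("routine", ROUTINE), ("altered", ALTERED), ("spoofed", SPOOFED)):
        decision = review_payment(req, VENDORS)
        print(label, decision.action, decision.reasons)
```

The altered request comes from the vendor’s genuine domain, which is exactly the case when the vendor’s own mailbox has been compromised, so the sender check alone would pass it; the hold is triggered by the changed account number, and the near-match callout tells the reviewer that the change looks deliberate rather than a fresh account.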


Abnormal Integrated Cloud Email Security is another product positioned against these attacks. Payment fraud attacks average $105,000 per attack, with a maximum observed of $753,000. The average potential cost of invoice fraud is $120,000, with a maximum of $466,000 identified and prevented.

  • Pay close attention to requests for wire transfers that must be completed hastily or without proper authorization.
  • Verify invoices and any change of payment details with the vendor through a contact channel you already have on file; it only takes a few minutes, and companies will happily confirm whether an invoice is real.
  • Protecting your organization against business email compromise starts with ensuring you have the right people, processes, and controls in place and tuned to defend against BEC and other email-based attacks.
  • BEC attacks are popular with cybercriminals because they rely on manipulation rather than brute force or technical exploits.

IC3 recommends office policies and IT strategies to reduce the BEC threat, as does the Financial Services Information Sharing and Analysis Center (FS-ISAC), a finance industry group that monitors cybersecurity and other threats. A related warning sign is money-mule recruitment: someone you have become close to online asks you to open a bank account for the purpose of receiving or sending money on their behalf.

BEC attacks have become far more sophisticated since the days when phishing was bulk-delivered and random. The actors behind them engage in significant research and exploit emotions and current events such as elections, natural disasters, terrorist attacks and global events like the COVID-19 pandemic.